I have recently had an SSL certificate installed and now my entire website uses it, without errors. I had set up a redirect from http to https but realised it was using a 302 redirect. I currently use the following code which uses a 301 redirect.
Is this correct? Can I remove any part of this, or should I change any part of this?
RewriteEngine On
RewriteCond %{HTTP_HOST} ^website.com [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ http://www.website.com/$1 [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Thank you for checking.
The first part of your code is weird, why you redirect on HTTP all and after that on https in second part :) ?
Here is my example, it is similar to yours but I don't need to change every time domain name for example if you use the same pattern on different servers + this will redirect all traffic from http to https
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\d+.BIN_AUTOSSL_CHECK_PL__.\w+.tmp$ [NC]
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+..+.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/.well-known/pki-validation/[A-F0-9]{32}.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
The RewriteCond %{HTTPS} on portion may not work for all web servers. My webhost requires RewriteCond %{HTTP:X-Forwarded-SSL} on, for instance.
Related
For a long time we have had our site running without www in front, but we have recently been forced to make a change.
We recently changed from domainhere.com to www.domainhere.com. We already had a redirect from http to https, but need to change the redirect from https://domainhere.com to https://www.domainhere.com.
We used this code. How do we make it still redirect to HTTPS but with www in front?
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.skarpeknive.dk/$1 [R,L]
We found this on Stackoverflow, but it doesn't seem to work. The site bugs on domainhere.com then
#First rewrite any request to the wrong domain to use the correct one (here www.)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#Now, rewrite to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Maybe there is proxy issue so,try this :
RewriteCond %{HTTP:X-Forwarded-Proto} !https [OR]
RewriteCond %{HTTP_HOST} !^www\. [OR]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Note: clear browser cache then test
I recently added a SSL certificate to my website and would like to redirect all pages to its secure "version".
Currently I have the following line in my htaccess:
RewriteEngine On
RewriteBase /
RewriteCond %{SERVER_PORT} !443
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(/(.*))?$ https://%{HTTP_HOST}/$1 [R=301,L]
But when I manually remove the https://www. from the url, it just shows the regular unprotected page.
How can I force all pages to https regardless of www.
I use this code in my main directory (ex. https://www.example.com/.htaccess) on my FTP server:
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]
Hope it works for you.
I am trying to force non-https to only one folder on the site but the rest all should be https. Here is my .htaccess code:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteRule ^reports$ http://%1/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([0-9a-zA-Z].+)$ /page.php?title=$1 [L]
ErrorDocument 404 404.php
I guess the problem you have is, that even the reports-folder gets forced to https. Is that right?
That would be, because you put that rule first. The general rule order should be: Most specific first, most general last. So your general https enforcing rule should be last. Or at least it must be after your http enforce rule.
Also you only force /reports/ to http. Everything in that directory would be https again. I think you should change it to
RewriteCond %{REQUEST_URI} ^/reports/(.*)$ [NC]
RewriteRule ^(.*)$ http://yourdomain.com/$1 [R=301,L]
If I see it correctly, you enforce everything to not start with www. Put that rule after the reports-http rule and change it to https. This will save you one redirect.
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
Than your https-enforce rule and than the rewrite to page.php if not existing file or directory.
I have to enforce https everytime when the sign-in site-node is loading.
For example http://www.mysite.com/sign-in should always be enforced to https.
I tried multiple versions but none of them worked. It's the first time when I am using .htaccess
here is what i tried:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} sign-in
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI}/$1 [R,L]
You shouldn't use %{REQUEST_URI} and $1 together in rewritten URL.
You can try this code:
RewriteCond %{HTTPS} off
RewriteRule sign-in https://%{HTTP_HOST}%{REQUEST_URI} [L,NC,R=301]
I solved it with :
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{REQUEST_URI} /sign-in
RewriteRule !(.*)lbping(.*) https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
So the problem I am currently having is that our entire website is indexed using https. we want to redirect to http using .htaccess. the problem is that we need a couple of URIs to still use https and I am not sure how to write the exception for URIs
I know the below example would work if our site functioned like this www.example.com/account.php but our site urls are like www.example.com/index.php?l=account
# Turn SSL on for account
RewriteCond %{HTTPS} off
RewriteCond %{SCRIPT_FILENAME} \/account\.php [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
how can i fix this, any guidance would be appreciated.
thanks
EDIT!
So this code below I have working but I would like to make one more exception that I cant seem to get to work, I also want the root (index.php) to only use http.
I tried using...
RewriteCond %{REQUEST_URI} !^/index.php
but this did not work
# invoke rewrite engine
RewriteEngine On
RewriteBase /
RewriteCond %{https} off
RewriteCond %{QUERY_STRING} !^l=product_detail
RewriteCond %{QUERY_STRING} !^l=product_list
RewriteCond %{QUERY_STRING} !^l=page_view
RewriteRule ^(.*)$ https://%{HTTP_HOST}/development/$1 [R=301,L]
thanks
Try
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/account.php
RewriteCond %{QUERY_STRING} !^l=account
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/account.php [OR]
RewriteCond %{QUERY_STRING} ^l=account
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]